RealtimeUpdates::validate_update requires @secret to be set in the RealtimeUpdates
instance.
But the RealtimeUpdates can be initialized without it (with @app_access_token instead),
in which case validate_update will break.